diff options
author | Byron Jones <glob@mozilla.com> | 2015-08-21 06:02:59 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-08-21 06:02:59 +0200 |
commit | ca9691331fb19542477b6205024921388321829b (patch) | |
tree | e36c885b8675c4aea7a7e1d9850eb4edc97c8b9c | |
parent | 667ecc34ee8336e97fba1229e7b520bf42293860 (diff) | |
download | bugzilla-ca9691331fb19542477b6205024921388321829b.tar.gz bugzilla-ca9691331fb19542477b6205024921388321829b.tar.xz |
Bug 1195645 - don't create a new session for every authenticated REST/BzAPI call
-rw-r--r-- | Bugzilla/Auth.pm | 7 | ||||
-rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 7 |
2 files changed, 12 insertions, 2 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index 6583d4e8b..88eadbe19 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -172,8 +172,11 @@ sub _handle_login_result { # because the persistance information can't be re-used again. # (See Bugzilla::WebService::Server::JSONRPC for more info.) if ($self->{_info_getter}->{successful}->requires_persistence - and !Bugzilla->request_cache->{auth_no_automatic_login}) - { + and !( + Bugzilla->request_cache->{auth_no_automatic_login} + || Bugzilla->request_cache->{dont_persist_session} + ) + ) { $user->{_login_token} = $self->{_persister}->persist_login($user); } } diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 858375247..d94fb1d81 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -189,6 +189,13 @@ sub handle_login { my $full_method = $class . "." . $method; $full_method =~ s/^Bugzilla::WebService:://; + # We never want to create a new session unless the user is calling the + # login method. Setting dont_persist_session makes + # Bugzilla::Auth::_handle_login_result() skip calling persist_login(). + if ($full_method ne 'User.login') { + Bugzilla->request_cache->{dont_persist_session} = 1; + } + # Bypass JSONRPC::handle_login Bugzilla::WebService::Server->handle_login($class, $method, $full_method); } |